Harden php configurations

Partially fixes php security in #72 (closed)

I've also added some other unnecessary functions to the ones @jelle mentioned:

php_admin_value[disable_functions] = passthru, exec, proc_open, shell_exec, system, popen

to

php_admin_value[disable_functions] = symlink, virtual, dl, suexec, system, shell_exec, popen, pclose, proc_open, proc_get_status, proc_nice, proc_terminate, exec, passthru, show_source, escapeshellcmd, escapeshellarg

Also, I'm not sure if allow_url_fopen needs to be enabled, so I suggest disabling it too, unless there is something in the code that's using it.

Lastly, exposing the PHP version is unnecessary too, imo.

Edited by Amin Vakil
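
An audit script for the three settings this merge request touches, added here as an illustration and not part of the merge request or the project's code. It assumes the settings live in a PHP-FPM pool file or a php.ini file; the names `parse_settings` and `audit` and both sample configurations are constructed for the example.

```python
import re

# Function list copied from the merge request description.
REQUIRED_DISABLED = set("""symlink virtual dl suexec system shell_exec popen pclose
proc_open proc_get_status proc_nice proc_terminate exec passthru show_source
escapeshellcmd escapeshellarg""".split())
MUST_BE_OFF = ("allow_url_fopen", "expose_php")  # both default to On when unset
OFF_VALUES = {"0", "off", "no", "false", "none", ""}

# Matches FPM pool overrides (php_admin_value[key] = v) and plain ini lines (key = v).
SETTING = re.compile(
    r"^\s*(?:php(?:_admin)?_(?:value|flag)\[(?P<pool>[\w.]+)\]|(?P<ini>[\w.]+))"
    r"\s*=\s*(?P<val>.*?)\s*$")

def parse_settings(text):
    """Return {directive: value} from pool-style or php.ini-style text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]  # ';' starts a comment in both file types
        m = SETTING.match(line)
        if m:
            settings[m.group("pool") or m.group("ini")] = m.group("val").strip('"')
    return settings

def audit(text):
    """Report functions still callable and flags that are not switched off."""
    s = parse_settings(text)
    disabled = {f.strip().lower()
                for f in s.get("disable_functions", "").split(",") if f.strip()}
    return {
        "missing_disable_functions": sorted(REQUIRED_DISABLED - disabled),
        "flags_not_off": [k for k in MUST_BE_OFF
                          if s.get(k, "unset").lower() not in OFF_VALUES],
    }

# Constructed sample: the original line from the description, nothing else set.
BEFORE = "[www]\nphp_admin_value[disable_functions] = passthru, exec, proc_open, shell_exec, system, popen\n"

# Constructed sample: the extended list plus both flags off.
AFTER = """[www]
php_admin_value[disable_functions] = symlink, virtual, dl, suexec, system, shell_exec, popen, pclose, proc_open, proc_get_status, proc_nice, proc_terminate, exec, passthru, show_source, escapeshellcmd, escapeshellarg
php_admin_flag[allow_url_fopen] = off
expose_php = Off ; php.ini-style line
"""

if __name__ == "__main__":
    print(audit(BEFORE))
    print(audit(AFTER))
```
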